CVE-2017-0909

CVE-2017-0909

Vendor Hackerone
Product private_address_check ruby gem
Weakness CWE-184
Published November 16, 2017
Last update September 16, 2024

CVSS base score

What the vulnerability does

01Description

The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery.

Key dates

02Disclosure timeline

November 16, 2017 CVE published
September 16, 2024 Record updated